[data-plane] Add the caching for OIDC JWT token to tokenprovider (kna…

…tive-extensions#3663) * Add the caching to tokenprovider * Add the boiler * Running the codegen * Running the codegen * Revert "Running the codegen" This reverts commit 0ccf69c. * Use constant, set buffer before token expire, remove unnecessary change * Codegen changes * Codegen changes * Update data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java Co-authored-by: Christoph Stäbler <cstabler@redhat.com> * Fix the review comments * Run codegen * Codegen changes * Code gen again --------- Co-authored-by: Christoph Stäbler <cstabler@redhat.com>
creydr · Feb 21, 2024 · 819ce08 · 819ce08
1 parent a22c4d9
commit 819ce08
Showing 1 changed file with 36 additions and 3 deletions.
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
@@ -15,30 +15,59 @@
  */
 package dev.knative.eventing.kafka.broker.core.oidc;
 
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
 import dev.knative.eventing.kafka.broker.core.NamespacedName;
 import io.fabric8.kubernetes.api.model.authentication.TokenRequest;
 import io.fabric8.kubernetes.api.model.authentication.TokenRequestBuilder;
 import io.fabric8.kubernetes.client.Config;
 import io.fabric8.kubernetes.client.ConfigBuilder;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+import java.util.concurrent.TimeUnit;
 
 public class TokenProvider {
 
+    private static final long TOKEN_EXPIRATION_SECONDS = 3600L; // 1 hour
+    private static final long EXPIRATION_BUFFER_TIME_SECONDS = 300L; // 5 minutes
+
+    private static final long CACHE_MAXIMUM_SIZE = 1000L; //  Cache up to 1000 tokens
+    private static final long CACHE_EXPIRATION_TIME_SECONDS =
+            TOKEN_EXPIRATION_SECONDS - EXPIRATION_BUFFER_TIME_SECONDS; // Cache tokens for 55 minutes
+
     private final KubernetesClient kubernetesClient;
+    private final Cache<String, String> tokenCache;
 
     public TokenProvider() {
         Config clientConfig = new ConfigBuilder().build();
-
         kubernetesClient =
                 new KubernetesClientBuilder().withConfig(clientConfig).build();
+
+        this.tokenCache = CacheBuilder.newBuilder()
+                .expireAfterWrite(CACHE_EXPIRATION_TIME_SECONDS, TimeUnit.SECONDS)
+                .maximumSize(CACHE_MAXIMUM_SIZE)
+                .build();
+    }
+
+    public String getToken(NamespacedName serviceAccount, String audience) {
+        String cacheKey = generateCacheKey(serviceAccount, audience);
+        String token = tokenCache.getIfPresent(cacheKey);
+
+        if (token == null) {
+            token = requestToken(serviceAccount, audience);
+            if (token != null) {
+                tokenCache.put(cacheKey, token);
+            }
+        }
+
+        return token;
     }
 
-    public String requestToken(NamespacedName serviceAccount, String audience) {
+    private String requestToken(NamespacedName serviceAccount, String audience) {
         TokenRequest tokenRequest = new TokenRequestBuilder()
                 .withNewSpec()
                 .withAudiences(audience)
-                .withExpirationSeconds(3600L)
+                .withExpirationSeconds(TOKEN_EXPIRATION_SECONDS)
                 .endSpec()
                 .build();
 
@@ -54,4 +83,8 @@ public String requestToken(NamespacedName serviceAccount, String audience) {
             return null;
         }
     }
+
+    private String generateCacheKey(NamespacedName serviceAccount, String audience) {
+        return serviceAccount.namespace() + "/" + serviceAccount.name() + "/" + audience;
+    }
 }